
Laws on possessing malicious code

I'm just curious on what the laws are regarding the possession of malicious code/software. As far as I know, the code, and the distribution of the code and binaries is covered under the First Amendment.

The biggest problem is of course the definition of malicious code. Format.exe is very malicious if used by someone wanting to destroy data. Then again, there are good reasons too for destroying the data on your hard disk. For example, because you want to re-use your system with a completely new operating system.

The same could be said about other kinds of malicious code. Pieces of this code could have legitimate use. Even funnier, you might actually have that kind of code to check your own protection. Think about it as a factory that creates bulletproof jackets, yet they're not allowed to have guns or ammunition and they're definitely not allowed to shoot anything at their own vests. How would they know for sure it's bulletproof if they're not allowed to test it?

Actually, there are many people out there who create malicious code as a "proof of concept". By keeping this code in a well-maintained system, (in the lab) they can keep the world clean yet test for many vulnerabilities. And there are quite a lot of vulnerabilities out there.

Malicious code control would be similar to gun control. People do have rights to use these things for proper reasons. Unfortunately it's not possible to check if people are using it for valid reasons.

Basically, it's just better to judge people on their actions than on what they possess...

It is generally accepted by US courts that computer code is intellectual property, is considered a form of free speech, and therefore protected by the First Amendment. One could write the most destructive or harmful code ever, and it would be considered free speech, protected by the First Amendment.
This includes viruses, worms, and encryption software.

Thanks for the AP, A_T.
Still, even the possession of the code of a virus can still have legitimate purposes. The code of the Melissa virus, for example, has been available on the Internet and you might still be able to find it somewhere. I've heard about the Christmas virus that spread around 15 years ago or maybe even longer. If I heard correctly, the creator of that "Christmas" virus just wanted to wish 'Merry Christmas' to as many people as possible, within his company. (IBM) So he wrote something that would read the address book of the user to send itself to everyone in that address book.
Which of course ended up in half the company mailing the other half of the company and thus a mailserver that seriously needed antidepressants...

As I said, people should be judged based on their actions, not on what they happen to possess. So it's fine if you have the source code of some virus. You can learn a lot from it, sometimes. Especially when you yourself are interested in programming and software development. The code of a virus can tell you about possible vulnerabilities in your code. Buffer overflow errors, for example. In the past, no one was really aware of the risks of this. Nowadays, it's considered a very huge risk. Even worse, a buffer overflow would theoretically allow badly-written code to execute arbitrary code in a data file. This happened with Microsoft in their JPEG-decompression libraries. As a result, *.jpg files can now be used to infect other systems and thus have to be classified as containing a possible virus... (Microsoft patched this, though, although not everyone has installed this patch.)

I myself am interested in hacking, but from the security point of view. I want to know how hackers work so I can avoid falling into their traps. As such, I am a bit of a hacker myself (must remind myself to buy a white hat) and I even have some books about this topic too. I even have a book about computer viruses that's about 16 years old, I think. (Gift from my dad.) It talks mostly about those old MS-DOS viruses but it also has plenty of example code about how they work, internally.

Let's compare it to a real-life example then. Say, you're a security guard. Would your chances of keeping an area secure increase if you know how criminals can break into a building? If you know how to detect a weak spot in a security system? If you know how security systems can be bypassed? I think it does.
An experienced security guard might become suspicious if one security camera temporarily displays some snow before it gives a normal image back. He knows someone might have tampered with the signal at that point and thus he (hopefully) will check it out.
An inexperienced guard will probably think everything is okay, while in the meantime some robber might have switched the signal from the camera with that of some VCR system. This gives him a chance to rob the system and then get away with it.

I think that everyone who uses a computer should be aware of possible security risks. Especially when they start using this computer for their online banking and to make online purchases. I also think we need a lot of online security guards just to keep the Internet safe. I'm still just a trainee but I know that for me to become real good at keeping things secure, then I will need to know how a virus or a worm works, exactly.

So basically, I think there should be no punishment for possession of malware. Neither should there be a punishment if you use this malware on your own systems only. However, punishments are required if you spread around this malware and the punishment should be related to the amount of damage caused by this malware.

I've never seen any books on virus writing, what's the title? I like to study the code...though I'm a novice programmer. I have the msblaster source that I look at frequently, slowly but surely starting to understand it. I've actually changed a few things (almost a year ago) and released it on a network to see if what I changed could reinfect the machines.

It infected one of them, even though it had the MS patch...so that was interesting...but the system just crashed on boot. If I can find what I did with my version of it, I can post it.

A_T

Edit: some of the main things I changed were syntax errors I found that got past the compiler, and a lot of performance issues, like using srand() so often, when you only need it once.

Originally posted here by AxessTerminated:
"I've never seen any books on virus writing, what's the title? I like to study the code...though I'm a novice programmer. I have the msblaster source that I look at frequently, slowly but surely starting to understand it. I've actually changed a few things (almost a year ago) and released it on a network to see if what I changed could reinfect the machines."

John McAfee wrote a book named Computer Viruses, Worms, Data Diddlers, Killer Programs, And Other Threats To Your System. (Some Title) This book has assembler source for viruses. The book is old, but the concepts remain. I've seen others but the titles have escaped my brain.

Most of the virus source I see is in asm, is this because it was decompiled that way, or are most viruses, like Zotob, and the original msblaster written in ASM? The MSBlast variant I've seen is in VC++.